Received: (qmail 22400 invoked by uid 2012); 15 Apr 1998 17:00:22 -0000 Message-Id: <19980415170022.22399.qmail@hyperreal.org> Date: 15 Apr 1998 17:00:22 -0000 From: Dean Gaudet Reply-To: dgaudet@apache.org To: apbugs@hyperreal.org Subject: using find_token() for If-Match et al is bogus X-Send-Pr-Version: 3.2 >Number: 2065 >Category: protocol >Synopsis: using find_token() for If-Match et al is bogus >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: closed >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Wed Apr 15 10:10:00 PDT 1998 >Last-Modified: Wed Jan 27 04:16:31 PST 1999 >Originator: dgaudet@apache.org >Organization: >Release: 1.2 and 1.3 >Environment: n/a >Description: If a request includes the header: If-Match: "abc def" the code will do completely the wrong thing. It treats this as two tokens rather than one. The bug isn't in find_token(), the bug is in meets_conditions() which shouldn't be using find_token(). Another function, maybe called find_quoted_string() should be added and used. See these new-httpd messages: Message-ID: Message-ID: Dean >How-To-Repeat: >Fix: >Audit-Trail: State-Changed-From-To: open-analyzed State-Changed-By: fielding State-Changed-When: Sun Sep 13 16:29:30 PDT 1998 State-Changed-Why: But, since we generate our own etags and know they do not contain any whitespace, it doesn't matter. Anything containing a space would never match one of our etags. It would be nice to have a find_value function that separated a field by the comma list items, removed extra whitespace, and then did a smart comparison. Comment-Added-By: coar Comment-Added-When: Tue Jan 26 12:55:58 PST 1999 Comment-Added: A patch for this is being tested.. State-Changed-From-To: analyzed-closed State-Changed-By: coar State-Changed-When: Wed Jan 27 04:16:30 PST 1999 State-Changed-Why: Fixed with ap_find_opaque_token() in 1.3.5-dev. >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ]